CRITICAL🇵🇱 Wersja polska

CVE-2025-50526

CVSS 9.8v3.1pub. 2025-12-23upd. 2026-01-02

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

🤖 AI Analysis
How it works

The vulnerability (CWE-77) consists of improper neutralization of special characters passed to the switch_status function, which subsequently executes them as system commands. An attacker can send a crafted network request containing a malicious payload without the need to possess any access credentials. The attack vector is network-based, requires no user interaction or special privileges, making it exceptionally dangerous.

Impact

An attacker can execute arbitrary system commands on the device with potentially the highest privileges, leading to complete compromise of the device's confidentiality, integrity, and availability — including the ability to permanently modify network configuration or use the device as an entry point to the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until an update is applied, it is recommended to isolate the device management panel from public network access and restrict access to the administrative interface only to trusted hosts.

Who is affected

Netgear EX8000 (Wi-Fi range extender) with firmware version V1.0.0.126

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Ex8000

    HW
    Netgear
    wszystkie wersje
  • Netgear Ex8000 Firmware

    OS
    Netgear
    1.0.0.126
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-45492CRITICAL9.8PL ✓ten sam produkt

Command Injection w Netgear EX8000 via parametr Iface (action_wireless)

CVE-2021-45618CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 b...

CVE-2021-45619CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v...

CVE-2020-35800CRITICAL9.4ten sam produkt

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 befo...

CVE-2018-21153CRITICAL9.8ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 b...